IOPList.Org

Full Version: VPN VS. TOR For Anonymizing Browsing/IP
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3
Download the tor browser bundle from the tor-project.org

Install and use.

It's really just that easy.

If more detailed instructions are desired, let me know and I'd be happy to provide.

The tor-project is not-for-profit, so if you like it please consider donating to keep it alive and user friendly.
To r is a wonderful set up ... just a shame that most ven dors do not use https ...
(01-20-2016, 05:32 AM)whatapain Wrote: [ -> ]To r is a wonderful set up ... just a shame that most ven dors do not use https ...

I agree whatapain, it is difficult to use when a lot of the vendor websites don't work well with it and opening up scripts can leave you somewhat vulnerable, if I recall correctly. Sad other than that though, it is great for anonymizing, there are also nice mail providers on their that support encryption etc that are a little more in depth than clearnet providers. You just have to watch out for compromised nodes is the only thing I have heard negative.
(01-20-2016, 05:32 AM)whatapain Wrote: [ -> ]To r is a wonderful set up ... just  a shame that most ven dors do not use https ...

I wish more used https as well. However, if they bought a SSL certificate most browsers would automatically recognise then it could easily be revoked. If they issued a self-signed cert then customers would get a warning about the site being unsafe until they set a security exemption in their browser. From a technical perspective, neither of these is a show-stopper, but I can imagine it putting off customers. If Chrome/Firefox flashes up a warning about it not being safe to proceed, what percentage of customers will go somewhere else? I'm guessing a lot!
(01-16-2016, 02:57 PM)graham3735 Wrote: [ -> ]I tried to use Tor back in the silkroa days but could never get it to install. And I've never had a reason to use another anonymous type of browser till now it seems like a good idea. But I'm not familiar with it at all. Can anyone give me an idea where to find out how it works or more important how and when to use it?
-----------------------------------------------------------------------------------------------------------------------------------------------------

Yes. Do a search for Guardian projects apps. Also, check that your OS or antivirus isn't blocking you from using it. I haven't looked at it too much, but window.s 10 won't allow me to run the file ever since I upgraded (regrettably) and my uneducated guess COULD be that an additional security feature MS has been introduced.... - see PowerShell.....?

"And Kaya, it's all about trust and not getting ripped off.peed is completely secondary for me. But yeah, 7 days is a new record for me and is nice."
Agreed! I have had a package "lost". 2 months later and it arrives -- with a dirty footprint on it. ( The packaging)
Speed with regard to delivery times also count, but I would rather be safe than sorry.
(01-20-2016, 06:19 PM)barq- Wrote: [ -> ]
(01-20-2016, 05:32 AM)whatapain Wrote: [ -> ]To r is a wonderful set up ... just  a shame that most ven dors do not use https ...

I wish more used https as well. However, if they bought a SSL certificate most browsers would automatically recognise then it could easily be revoked. If they issued a self-signed cert then customers would get a warning about the site being unsafe until they set a security exemption in their browser. From a technical perspective, neither of these is a show-stopper, but I can imagine it putting off customers. If Chrome/Firefox flashes up a warning about it not being safe to proceed, what percentage of customers will go somewhere else? I'm guessing a lot!

As always, great advice and excellent points you made regarding the SSL certs. That might explain why I was warned - cert expired?

(01-22-2016, 05:55 PM)Flippity Wrote: [ -> ]
(01-20-2016, 06:19 PM)barq- Wrote: [ -> ]
(01-20-2016, 05:32 AM)whatapain Wrote: [ -> ]To r is a wonderful set up ... just  a shame that most ven dors do not use https ...

I wish more used https as well. However, if they bought a SSL certificate most browsers would automatically recognise then it could easily be revoked. If they issued a self-signed cert then customers would get a warning about the site being unsafe until they set a security exemption in their browser. From a technical perspective, neither of these is a show-stopper, but I can imagine it putting off customers. If Chrome/Firefox flashes up a warning about it not being safe to proceed, what percentage of customers will go somewhere else? I'm guessing a lot!

As always, great advice and excellent points you made regarding the SSL certs. That might explain why I was warned - cert expired..?
(12-30-2015, 06:44 PM)comingdown Wrote: [ -> ]Before I start, let me first say that I am not advocating or trying to discuss the use of TOR for dark onion sites or anything illegal. This is from a perspective of IP/browsing anonymizing

My Question is what is the communities perspective/opinions regarding using TOR or using VPN to anonymize browsing on the internet and hiding IP addresses? I know you have to trust your VPN and that TOR can have corrupt nodes in which people are doing man-in-the-middle attacks etc to obtain info/logins etc but trying to find out what pros/cons of each and what each person's preference is along with any additional security steps to minimize digital footprint

I am sure there are more technical people on this site with great knowledge on cybersecurity. I am trying to generate some thoughts and ideas for the community and myself to keep their browsing habits safe.

Especially after the CISA act was just passed, which was bullshit 2k paper but in the middle of a budget bill that had to pass asap, with only a short notice for reps to read and understand it, but it is basically a second patriot act and allows agencies to get info shared from other agencies and info from ALL US companies etc. circumvent privacy laws etc. very shady.

So what are your thoughts on what is best to use to anonymize IP and web browsing from your ISP and others etc? What weaknesses does each have and what benefits does each have? and best practices for leaving the least amount of cyber-footprint

Hopefully some of our talented IT and knowledgeable members will see this and contribute. I appreciate everyone's input, as I am only looking to make the community safer for us. Thank you friends! Big Grin

 I like Tor been good to me so far...
(01-22-2016, 05:55 PM)Flippity Wrote: [ -> ]
(01-20-2016, 06:19 PM)barq Wrote: [ -> ]I wish more used https as well. However, if they bought a SSL certificate most browsers would automatically recognise then it could easily be revoked. If they issued a self-signed cert then customers would get a warning about the site being unsafe until they set a security exemption in their browser. From a technical perspective, neither of these is a show-stopper, but I can imagine it putting off customers. If Chrome/Firefox flashes up a warning about it not being safe to proceed, what percentage of customers will go somewhere else? I'm guessing a lot!

As always, great advice and excellent points you made regarding the SSL certs. That might explain why I was warned - cert expired?


Could be. I think the issue is that obtaining a certificate that will automatically be accepted by most web browsers costs money. To get one, you normally have to verify your identity with the cert issuing authority. I seriously doubt someone running an IOP would wish to hand out their real ID etc. Even if they bought one, the issuer could revoke it once they were aware an IOP was using it. So for those reasons I would expect websites in that line of business to sign their own certs. These would check out cryptographically and secure your connection. But they wouldn't be automatically recognised by your web browser so that would generate a warning.

There is a new project called Let's Encrypt, that will be offering easy SSL installation for websites and free certs. It is backed by a lot of big internet companies and privacy advocates like EFF. It will make the technical process of installing SSL much easier for websites and lower the hassle of getting a cert than will automatically work in browsers. So, https is going to become much more normal.
Tor has its weaknesses and downsides same as anything. For one thing, the exit node can see your traffic and if you are entering login details it can see that too. Do not use tor when accessing any financial network from paypal to ebay to anything sensitive. If you are visiting a site on the darknet then there is no exit node because its all on tor. An "exit" node is where you go from tor to clearnet. It can be used for that but not for important data. Another downside of tor is it may allow malicious scripts on your computer. Do not click anything you don't trust and keep javascript turned off

A vpn or proxy hides your identity. It has many of the downsides of tor in that they can see your traffic and could steal your info if they wish. It is good in that the sites which block tor will usually not block your vpn. Another downside is many proxies and vpn's keep logs of activity to stop spammers and scammers and the usa injustice dept can order them to turn it over. Tor does not have that vulnerability. If using a vpn look for one in another country which makes it much harder. Avoid england and any country with too close ties to usa. Look for one that promises not to keep logs.

Using a vpn with tor has good and bad points. The good is that if using vpn first, your isp does not know you are using tor. If they block it that is your only option to use tor. Or find a better isp. Wink The downside is the vpn sees your traffic as well as the tor exit node if you are visiting clearnet.

A third option is to chain proxies or use them with a vpn. With a chain, they only see the last proxy and if obama's henchmen want to arrest you and try to get the logs from that proxy, they only see the proxy or vpn you used before it. They then have to go through the same process to get the data and by then the info is stale and logs have usually been deleted. If they only keep logs for a day that should be a cold trail and obama does not get another scalp in his war on drugs.
To say it a little better, "It’s important to remember that exit relays can see the original data sent by the client, since they have to pass that data to the destination. This means that, if credentials are passed over HTTP, FTP, or other cleartext protocols, the exit relays can sniff the traffic!"

Exit node is not for tor to clearnet though... It is for all traffic. It's just when surfing onions the data remains encrypted unlike the above quote.

Vpns cannot see all your traffic though. Only clearnet data coming through an exit node. Also vpns are flawed in how you sign up originally. If you connect yourself at all to it then it's not anonymous.
Pages: 1 2 3